package org.elasticsearch.xpack.security.authc;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;

/* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/authc/Realms.class */
public class Realms extends AbstractComponent implements Iterable<Realm> {
    private final Environment env;
    private final Map<String, Realm.Factory> factories;
    private final XPackLicenseState licenseState;
    private final ThreadContext threadContext;
    private final ReservedRealm reservedRealm;
    protected List<Realm> realms;
    List<Realm> internalRealmsOnly;
    List<Realm> nativeRealmsOnly;
    static final /* synthetic */ boolean $assertionsDisabled;

    public Realms(Settings settings, Environment environment, Map<String, Realm.Factory> map, XPackLicenseState xPackLicenseState, ThreadContext threadContext, ReservedRealm reservedRealm) throws Exception {
        super(settings);
        this.realms = Collections.emptyList();
        this.internalRealmsOnly = Collections.emptyList();
        this.nativeRealmsOnly = Collections.emptyList();
        this.env = environment;
        this.factories = map;
        this.licenseState = xPackLicenseState;
        this.threadContext = threadContext;
        this.reservedRealm = reservedRealm;
        if (!$assertionsDisabled && map.get(ReservedRealm.TYPE) != null) {
            throw new AssertionError();
        }
        this.realms = initRealms();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Realm realm : this.realms) {
            if (InternalRealms.isInternalRealm(realm.type(), false)) {
                arrayList.add(realm);
            }
            if ("file".equals(realm.type()) || "native".equals(realm.type())) {
                arrayList2.add(realm);
            }
        }
        for (List<Realm> list : Arrays.asList(arrayList, arrayList2)) {
            if (list.isEmpty()) {
                addNativeRealms(list);
            }
            if (!$assertionsDisabled && list.contains(reservedRealm)) {
                throw new AssertionError();
            }
            list.add(0, reservedRealm);
            if (!$assertionsDisabled && list.get(0) != reservedRealm) {
                throw new AssertionError();
            }
        }
        this.internalRealmsOnly = Collections.unmodifiableList(arrayList);
        this.nativeRealmsOnly = Collections.unmodifiableList(arrayList2);
    }

    @Override // java.lang.Iterable
    public Iterator<Realm> iterator() {
        if (!this.licenseState.isAuthAllowed()) {
            return Collections.emptyIterator();
        }
        switch (this.licenseState.allowedRealmType()) {
            case ALL:
                return this.realms.iterator();
            case DEFAULT:
                return this.internalRealmsOnly.iterator();
            case NATIVE:
                return this.nativeRealmsOnly.iterator();
            default:
                throw new IllegalStateException("authentication should not be enabled");
        }
    }

    public List<Realm> asList() {
        if (!this.licenseState.isAuthAllowed()) {
            return Collections.emptyList();
        }
        switch (this.licenseState.allowedRealmType()) {
            case ALL:
                return Collections.unmodifiableList(this.realms);
            case DEFAULT:
                return Collections.unmodifiableList(this.internalRealmsOnly);
            case NATIVE:
                return Collections.unmodifiableList(this.nativeRealmsOnly);
            default:
                throw new IllegalStateException("authentication should not be enabled");
        }
    }

    public Realm realm(String str) {
        for (Realm realm : this.realms) {
            if (str.equals(realm.config.name)) {
                return realm;
            }
        }
        return null;
    }

    public Realm.Factory realmFactory(String str) {
        return this.factories.get(str);
    }

    protected List<Realm> initRealms() throws Exception {
        Settings settings = RealmSettings.get(this.settings);
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        for (String str : settings.names()) {
            Settings asSettings = settings.getAsSettings(str);
            String str2 = asSettings.get("type");
            if (str2 == null) {
                throw new IllegalArgumentException("missing realm type for [" + str + "] realm");
            }
            Realm.Factory factory = this.factories.get(str2);
            if (factory == null) {
                throw new IllegalArgumentException("unknown realm type [" + str2 + "] set for realm [" + str + "]");
            }
            RealmConfig realmConfig = new RealmConfig(str, asSettings, this.settings, this.env, this.threadContext);
            if (realmConfig.enabled()) {
                if ("file".equals(str2) || "native".equals(str2)) {
                    if (hashSet.contains(str2)) {
                        throw new IllegalArgumentException("multiple [" + str2 + "] realms are configured. [" + str2 + "] is an internal realm and therefore there can only be one such realm configured");
                    }
                    hashSet.add(str2);
                }
                arrayList.add(factory.create(realmConfig));
            } else if (this.logger.isDebugEnabled()) {
                this.logger.debug("realm [{}/{}] is disabled", str2, str);
            }
        }
        if (arrayList.isEmpty()) {
            addNativeRealms(arrayList);
        } else {
            Collections.sort(arrayList);
        }
        arrayList.add(0, this.reservedRealm);
        return arrayList;
    }

    public Map<String, Object> usageStats() {
        HashMap hashMap = new HashMap();
        Iterator<Realm> it = iterator();
        while (it.hasNext()) {
            Realm next = it.next();
            if (!ReservedRealm.TYPE.equals(next.type())) {
                hashMap.compute(next.type(), (str, obj) -> {
                    if (obj == null) {
                        return convertToMapOfLists(next.usageStats());
                    }
                    if (!$assertionsDisabled && !(obj instanceof Map)) {
                        throw new AssertionError();
                    }
                    combineMaps((Map) obj, next.usageStats());
                    return obj;
                });
            }
        }
        XPackLicenseState.AllowedRealmType allowedRealmType = this.licenseState.allowedRealmType();
        for (String str2 : this.factories.keySet()) {
            if (!$assertionsDisabled && ReservedRealm.TYPE.equals(str2)) {
                throw new AssertionError();
            }
            hashMap.compute(str2, (str3, obj2) -> {
                if (obj2 == null) {
                    return MapBuilder.newMapBuilder().put("enabled", false).put("available", Boolean.valueOf(isRealmTypeAvailable(allowedRealmType, str2))).map();
                }
                if (!$assertionsDisabled && !(obj2 instanceof Map)) {
                    throw new AssertionError();
                }
                Map map = (Map) obj2;
                map.put("enabled", true);
                if (!$assertionsDisabled && !isRealmTypeAvailable(allowedRealmType, str2)) {
                    throw new AssertionError();
                }
                map.put("available", true);
                return obj2;
            });
        }
        return hashMap;
    }

    private void addNativeRealms(List<Realm> list) throws Exception {
        Realm.Factory factory = this.factories.get("file");
        if (factory != null) {
            list.add(factory.create(new RealmConfig("default_file", Settings.EMPTY, this.settings, this.env, this.threadContext)));
        }
        Realm.Factory factory2 = this.factories.get("native");
        if (factory2 != null) {
            list.add(factory2.create(new RealmConfig("default_native", Settings.EMPTY, this.settings, this.env, this.threadContext)));
        }
    }

    private static void combineMaps(Map<String, Object> map, Map<String, Object> map2) {
        for (Map.Entry<String, Object> entry : map2.entrySet()) {
            map.compute(entry.getKey(), (str, obj) -> {
                if (obj == null) {
                    return new ArrayList(Collections.singletonList(entry.getValue()));
                }
                if (!$assertionsDisabled && !(obj instanceof List)) {
                    throw new AssertionError();
                }
                ((List) obj).add(entry.getValue());
                return obj;
            });
        }
    }

    private static Map<String, Object> convertToMapOfLists(Map<String, Object> map) {
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), new ArrayList(Collections.singletonList(entry.getValue())));
        }
        return hashMap;
    }

    private static boolean isRealmTypeAvailable(XPackLicenseState.AllowedRealmType allowedRealmType, String str) {
        switch (allowedRealmType) {
            case ALL:
                return true;
            case DEFAULT:
                return InternalRealms.isInternalRealm(str, true);
            case NATIVE:
                return "file".equals(str) || "native".equals(str);
            case NONE:
                return false;
            default:
                throw new IllegalStateException("unknown enabled realm type [" + allowedRealmType + "]");
        }
    }

    static {
        $assertionsDisabled = !Realms.class.desiredAssertionStatus();
    }
}
